CN106845220A - A kind of Android malware detecting system and method - Google Patents
A kind of Android malware detecting system and method Download PDFInfo
- Publication number
- CN106845220A CN106845220A CN201510890041.7A CN201510890041A CN106845220A CN 106845220 A CN106845220 A CN 106845220A CN 201510890041 A CN201510890041 A CN 201510890041A CN 106845220 A CN106845220 A CN 106845220A
- Authority
- CN
- China
- Prior art keywords
- feature
- authority
- api
- sfd
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Debugging And Monitoring (AREA)
- Stored Programmes (AREA)
Abstract
Android malware detecting system and method that the present invention is provided, API feature extractions and authority feature are extracted using characteristic extracting module, the TF-SFD of each API feature and authority feature is calculated according to feature selection module, and sorted from big to small according to the numerical value of TF-SFD, M1 API feature before selection, preceding M2 authority feature constitutes eigenmatrix, the eigenmatrix is trained by class identification module again, obtain disaggregated model, and the sort module is differentiated, above-mentioned detection method is simple, and amount of calculation is small, and Detection results are higher.
Description
Technical field
The present invention relates to software detection technical field, more particularly to a kind of Android malware detecting system and
Method.
Background technology
Mobile Malware refers to all malicious operation can be performed on smart mobile phone or tablet PC
Application program, can cause system crash, the loss of user's confidential information or leakage.Intelligent terminal and cloud computing
With the fusion for accelerating propulsion information technology and the communication technology, mobile Internet high speed development is promoted.With
The development of mobile Internet, mobile terminal user colony is increasingly huge.But under the ordering about of economic interests,
The quantity of mobile Malware is in explosive growth, and various mobile Malware families are even more ever-changing, sternly
The sound development of mobile Internet is threaten again, and very important harm is brought to user and intelligent terminal.
The potential safety hazard of Android platform is especially prominent, and report display 96% moves Malware for Android systems
System, the Android applications being currently downloaded more than 5,000,000,000 are under the threat of assault.Additionally,
The malicious application quantity for being intended to steal Android user's financial information is also rapidly increasing.
The more extensive Android malware detection of research at present includes dynamic analysis and static analysis.Dynamic
Analysis is mainly feature when analysis program is run, including system call sequence and data flow etc..These methods
The kernel of modification Android system is needed, and brings substantial amounts of real-time calculating.Static detection method is by dividing
The source code of application program is analysed, application program is not run.The common static nature of Android platform Malware
Have:API features and authority feature.Aafer et al. is extracted API, package and API parameter attributes make
Feature is classified with different graders, including ID3, C4.5, k-NN and SVMs.Cen
Et al. be extracted API features, and distinguish that model is differentiated using probability.Their use information gains, card
Side's inspection carries out assignment to primitive character, and selection numerical value feature high constitutes new characteristic vector, then carries out
Detection.
TF-IDF is a kind of information processing technology, is mainly used in the selection of feature.The numerical value of IDF is normal soft
It is usually equal in part and Malware, therefore without separating capacity.
The content of the invention
It is an object of the present invention to solve that traditional Android malware detection time is long and accuracy of detection is low
Technical problem.
The object of the invention to solve the technical problems is realized using following technical scheme.
A kind of Android malware detecting system, including:
Characteristic extracting module, for extracting API feature extractions and authority feature;
Feature selection module, the TF-SFD for calculating each API feature and authority feature, and according to
The numerical value of TF-SFD sorts from big to small, M1 API feature before selection, preceding M2 authority feature composition
Eigenmatrix;
Taxonomic history module:The eigenmatrix is trained, disaggregated model is obtained, and to the classification
Module is differentiated.
In a better embodiment of the invention, the characteristic extracting module include API characteristic extracting modules and
Authority characteristic extracting module.
In a better embodiment of the invention, the API characteristic extracting modules are based on Dedexer instruments,
By ordering " java-jar Dedexer.jar-d<directory><dex file>" compile classes.dex file reverses
Smali files are translated into, the API features of Android application software are extracted in smali files.
In a better embodiment of the invention, the authority characteristic extracting module passes through decompiling
AndroidManifest.xml files extract authority feature, and the software is represented by authority characteristic vector,
If the software application authority, 1 is set to;Do not apply for the authority, be then set to 0.
In a better embodiment of the invention, the feature selection module calculates each API by following algorithms
The TF-SFD of feature and authority feature,
TF-SFDI, j=TFI, j*SFDi
Wherein:WI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature,
NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag
Normal software quantity containing ith feature, NBenIt is normal software sum.
In a better embodiment of the invention, the taxonomic history module is by random forests algorithm to described
Eigenmatrix is trained, and obtains disaggregated model, and the sort module is differentiated.
In a better embodiment of the invention, the class identification module passes through NB Algorithm or support
Vector machine algorithm or neural network algorithm or decision Tree algorithms are trained to the eigenmatrix, are classified
Model, and the sort module is differentiated.
Additionally, present invention also offers a kind of Android malware detection method, comprising the steps:
Extract API feature extractions and authority feature;
Calculate the TF-SFD of each API feature and authority feature, and according to the numerical value of TF-SFD from big to small
Sequence, M1 API feature before selection, preceding M2 authority feature constitutes eigenmatrix;
The eigenmatrix is trained, disaggregated model is obtained, and the sort module is differentiated.
In a better embodiment of the invention, extract API feature extractions and be specially:Based on Dedexer works
Tool, by ordering " java-jar Dedexer.jar-d<directory><dex file>" by classes.dex files
Smali files are decompiled into, the API features of Android application software are extracted in smali files;
Authority feature is extracted to be specially:Authority feature is extracted by decompiling AndroidManifest.xml files,
And represent the software by authority characteristic vector, if the software application authority, it is set to 1;The power is not applied for
Limit, then be set to 0.
In a better embodiment of the invention, each API feature and authority feature are calculated by following algorithms
TF-SFD,
TF-SFDI, j=TFI, j*SFDi
Wherein:WI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature,
NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag
Normal software quantity containing ith feature, NBenIt is normal software sum.
The present invention has following beneficial effects using above-mentioned technical proposal:
Android malware detecting system and method that the present invention is provided, are extracted using characteristic extracting module
API feature extractions and authority feature, each API feature and authority feature are calculated according to feature selection module
TF-SFD, and sorted from big to small according to the numerical value of TF-SFD, M1 API feature before selection, preceding M2
Individual authority feature constitutes eigenmatrix, then the eigenmatrix is trained by class identification module, obtains
Disaggregated model, and the sort module is differentiated, above-mentioned detection method is simple, and amount of calculation is small, detection
Effect is higher.
Additionally, the Android malware detecting system and method for present invention offer are selected according to TF-SFD features
Select technology, API features and authority feature quantity can be efficiently reduced, thus reduce training and identification when
Between;Meanwhile, invalid feature can be deleted, so as to improve nicety of grading.
Described above is only the general introduction of technical solution of the present invention, in order to better understand technology of the invention
Means, and being practiced according to the content of specification, and in order to allow above and other purpose of the invention,
Feature and advantage can become apparent, and below especially exemplified by preferred embodiment, and coordinate accompanying drawing, describe in detail such as
Under.
Brief description of the drawings
Fig. 1 is the functional block diagram of Android malware detecting system provided in an embodiment of the present invention.
Fig. 2 is the principle schematic of the Android malware detecting system that a preferred embodiment of the present invention is provided.
The step of Fig. 3 is Android malware detection method provided in an embodiment of the present invention flow chart.
Fig. 4 is TF-SFD proposed by the present invention and original TF-IDF contrast schematic diagrams.
Fig. 5 carries out API feature extraction schematic diagrames for the present invention using TF-SFD.
Specific embodiment
For the ease of understanding the present invention, the present invention is described more fully below with reference to relevant drawings.
Better embodiment of the invention is given in accompanying drawing.But, the present invention can come in many different forms
Realize, however it is not limited to embodiments described herein.On the contrary, provide the purpose of these implementation methods being
Make to the more thorough comprehensive of the disclosure understanding.
Unless otherwise defined, all of technologies and scientific terms used here by the article with belong to technology of the invention
The implication that the technical staff in field is generally understood that is identical.The art for being used in the description of the invention herein
Language is intended merely to describe the purpose of specific embodiment, it is not intended that in the limitation present invention.It is used herein
Term " and/or " include one or more related Listed Items arbitrary and all of combination.
Fig. 1 and Fig. 2 is refer to, wherein, Fig. 1 is Android malware inspection provided in an embodiment of the present invention
The functional block diagram of examining system, the Android malware detection that Fig. 2 is provided for a preferred embodiment of the present invention
The principle schematic of system.The Android malware detecting system that the present invention is provided includes:Feature extraction mould
Block 110, feature selection module 120 and taxonomic history module 130.
Wherein, characteristic extracting module 110 is used to extract API feature extractions and authority feature;
Preferably, the characteristic extracting module 110 includes API characteristic extracting modules and authority feature extraction mould
Block.
The API characteristic extracting modules are based on Dedexer instruments, by ordering " java-jar Dedexer.jar-d
<directory><dex file>" classes.dex files are decompiled into smali files, in smali files
Extract the API features of Android application software.
The authority characteristic extracting module extracts authority feature by decompiling AndroidManifest.xml files,
And represent the software by authority characteristic vector, if the software application authority, it is set to 1;The power is not applied for
Limit, then be set to 0.
It is appreciated that characteristic extracting module 110 can also be an integration module, this is integrated with the API
The function of characteristic extracting module and the authority characteristic extracting module, so that there is provided the integrated level of system.
Feature selection module 120 is used to calculating the TF-SFD of each API feature and authority feature, and according to
The numerical value of TF-SFD sorts from big to small, M1 API feature before selection, preceding M2 authority feature composition
Eigenmatrix.
Preferably, the feature selection module 120 calculates each API feature by following algorithms and authority is special
The TF-SFD for levying,
TF-SFDI, j=TFI, j*SFDi
Wherein:WI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature,
NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag
Normal software quantity containing ith feature, NBenIt is normal software sum.
It is appreciated that the present invention uses TF-SFD Feature Selections, API features can be efficiently reduced
With authority feature quantity so that reduce training with identification time.
Additionally, the present invention uses TF-SFD Feature Selections, invalid feature can be deleted, so as to improve point
Class precision.
130 pairs of eigenmatrixes of taxonomic history module are trained, and obtain disaggregated model, and to described point
Generic module is differentiated.
Preferably, the taxonomic history module 130 is instructed by random forests algorithm to the eigenmatrix
Practice, obtain disaggregated model, and the sort module is differentiated.
It is appreciated that the present invention is sub to the composite character including Android API and authority using random forests algorithm
Collection is classified, and obtains disaggregated model, and the sort module is differentiated, such that it is able to improve movement
The precision of Malware identification.
Preferably, the class identification module 130 can also be calculated by NB Algorithm or SVMs
Method or neural network algorithm or decision Tree algorithms are trained to the eigenmatrix, obtain disaggregated model, and
The sort module is differentiated.
Fig. 3 is referred to, flow the step of be Android malware detection method provided in an embodiment of the present invention
Figure, including:
Step S10:Extract API feature extractions and authority feature;
Step S20:The TF-SFD of each API feature and authority feature is calculated, and according to the number of TF-SFD
Value sorts from big to small, and M1 API feature before selection, preceding M2 authority feature constitutes eigenmatrix;
Step S30:The eigenmatrix is trained, disaggregated model is obtained, and the sort module is entered
Row differentiates.
Android malware detecting system and method that the present invention is provided, are extracted using characteristic extracting module
API feature extractions and authority feature, each API feature and authority feature are calculated according to feature selection module
TF-SFD, and sorted from big to small according to the numerical value of TF-SFD, M1 API feature before selection, preceding M2
Individual authority feature constitutes eigenmatrix, then the eigenmatrix is trained by class identification module, obtains
Disaggregated model, and the sort module is differentiated, above-mentioned detection method is simple, and amount of calculation is small, detection
Effect is higher.
Additionally, the Android malware detecting system and method for present invention offer are selected according to TF-SFD features
Select technology, API features and authority feature quantity can be efficiently reduced, thus reduce training and identification when
Between;Meanwhile, invalid feature can be deleted, so as to improve nicety of grading.
Embodiment
Fig. 4 is referred to, is TF-SFD proposed by the present invention and original TF-IDF contrast schematic diagrams, from figure
In as can be seen that using TF-SFD selection authority (Permission) tagsort precision be higher than TF-IDF,
When preceding 20 authority features are selected, nicety of grading is more than 84%, close to the authority feature using whole.
Refer to Fig. 5, be that the present invention carries out API feature extractions using TF-SFD, preceding 100 features point
Class precision can be higher than using whole features.
Embodiment described above only expresses several embodiments of the invention, and its description is more specific and detailed,
But therefore can not be interpreted as the limitation to the scope of the claims of the present invention.It should be pointed out that for this area
Those of ordinary skill for, without departing from the inventive concept of the premise, can also make it is some deformation and
Improve, these belong to protection scope of the present invention.Therefore, the protection domain of patent of the present invention should be with appended
Claim is defined.
Claims (10)
1. a kind of Android malware detecting system, it is characterised in that including:
Characteristic extracting module, for extracting API feature extractions and authority feature;
Feature selection module, the TF-SFD for calculating each API feature and authority feature, and according to
The numerical value of TF-SFD sorts from big to small, M1 API feature before selection, preceding M2 authority feature composition
Eigenmatrix;
Taxonomic history module, is trained to the eigenmatrix, obtains disaggregated model, and to the classification
Module is differentiated.
2. Android malware detecting system as claimed in claim 1, it is characterised in that the spy
Levying extraction module includes API characteristic extracting modules and authority characteristic extracting module.
3. Android malware detecting system as claimed in claim 2, it is characterised in that the API
Characteristic extracting module is based on Dedexer instruments, by ordering " java-jar Dedexer.jar-d<directory>
<dex file>" classes.dex files are decompiled into smali files, extract Android in smali files
The API features of application software.
4. Android malware detecting system as claimed in claim 2, it is characterised in that the power
Limit characteristic extracting module extracts authority feature by decompiling AndroidManifest.xml files, and by power
Limit characteristic vector represents the software, if the software application authority, is set to 1;Do not apply for the authority, then put
It is 0.
5. Android malware detecting system as claimed in claim 1, it is characterised in that the spy
The TF-SFD that selecting module calculates each API feature and authority feature by following algorithms is levied,
TF-SFDI, j=TFI, j*SFDi
Wherein:wI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature,
NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag
Normal software quantity containing ith feature, NBenIt is normal software sum.
6. Android malware detecting system as claimed in claim 1, it is characterised in that described point
Class identification module is trained by random forests algorithm to the eigenmatrix, obtains disaggregated model, and right
The sort module is differentiated.
7. Android malware detecting system as claimed in claim 1, it is characterised in that the class
Identification module passes through NB Algorithm or algorithm of support vector machine or neural network algorithm or decision Tree algorithms
The eigenmatrix is trained, disaggregated model is obtained, and the sort module is differentiated.
8. a kind of Android malware detection method, it is characterised in that comprise the steps:
Extract API feature extractions and authority feature;
Calculate the TF-SFD of each API feature and authority feature, and according to the numerical value of TF-SFD from big to small
Sequence, M1 API feature before selection, preceding M2 authority feature constitutes eigenmatrix;
The eigenmatrix is trained, disaggregated model is obtained, and the sort module is differentiated.
9. Android malware detection method as claimed in claim 8, it is characterised in that
API feature extractions are extracted to be specially:Based on Dedexer instruments, by ordering " java-jar Dedexer.jar
-d<directory><dex file>" classes.dex files are decompiled into smali files, in smali files
The API features of middle extraction Android application software;
Authority feature is extracted to be specially:Authority feature is extracted by decompiling AndroidManifest.xml files,
And represent the software by authority characteristic vector, if the software application authority, it is set to 1;The power is not applied for
Limit, then be set to 0.
10. Android malware detection method as claimed in claim 8, it is characterised in that under
The TF-SFD that algorithm calculates each API feature and authority feature is stated,
TF-SFDI, j=TFI, j*SFDi
Wherein:wI, jRefer to ith feature, the number of times occurred in j-th class, N refers to the sum of feature,
NiMalRefer to the Malware quantity comprising ith feature, NMALRefer to Malware sum, NiBenIt is bag
Normal software quantity containing ith feature, NBenIt is normal software sum.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510890041.7A CN106845220B (en) | 2015-12-07 | 2015-12-07 | Android malicious software detection system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510890041.7A CN106845220B (en) | 2015-12-07 | 2015-12-07 | Android malicious software detection system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106845220A true CN106845220A (en) | 2017-06-13 |
CN106845220B CN106845220B (en) | 2020-08-25 |
Family
ID=59151367
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510890041.7A Active CN106845220B (en) | 2015-12-07 | 2015-12-07 | Android malicious software detection system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106845220B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107506646A (en) * | 2017-09-28 | 2017-12-22 | 努比亚技术有限公司 | Detection method, device and the computer-readable recording medium of malicious application |
CN107729754A (en) * | 2017-09-25 | 2018-02-23 | 暨南大学 | Android malware detection method based on API features |
CN107832611A (en) * | 2017-10-21 | 2018-03-23 | 北京理工大学 | The bot program detection and sorting technique that a kind of dynamic static nature combines |
CN108985060A (en) * | 2018-07-04 | 2018-12-11 | 中共中央办公厅电子科技学院 | A kind of extensive Android Malware automated detection system and method |
CN109344614A (en) * | 2018-07-23 | 2019-02-15 | 厦门大学 | A kind of Android malicious application online test method |
CN109753800A (en) * | 2019-01-02 | 2019-05-14 | 重庆邮电大学 | Merge the Android malicious application detection method and system of frequent item set and random forests algorithm |
CN109886020A (en) * | 2019-01-24 | 2019-06-14 | 燕山大学 | Software vulnerability automatic classification method based on deep neural network |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104376262A (en) * | 2014-12-08 | 2015-02-25 | 中国科学院深圳先进技术研究院 | Android malware detecting method based on Dalvik command and authority combination |
CN104750844A (en) * | 2015-04-09 | 2015-07-01 | 中南大学 | Method and device for generating text characteristic vectors based on TF-IGM, method and device for classifying texts |
CN104834857A (en) * | 2015-03-27 | 2015-08-12 | 清华大学深圳研究生院 | Method and device for detecting Android malicious software in batch |
-
2015
- 2015-12-07 CN CN201510890041.7A patent/CN106845220B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104376262A (en) * | 2014-12-08 | 2015-02-25 | 中国科学院深圳先进技术研究院 | Android malware detecting method based on Dalvik command and authority combination |
CN104834857A (en) * | 2015-03-27 | 2015-08-12 | 清华大学深圳研究生院 | Method and device for detecting Android malicious software in batch |
CN104750844A (en) * | 2015-04-09 | 2015-07-01 | 中南大学 | Method and device for generating text characteristic vectors based on TF-IGM, method and device for classifying texts |
Non-Patent Citations (1)
Title |
---|
陈珉: "基于Android平台的安全检测***", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107729754A (en) * | 2017-09-25 | 2018-02-23 | 暨南大学 | Android malware detection method based on API features |
CN107506646A (en) * | 2017-09-28 | 2017-12-22 | 努比亚技术有限公司 | Detection method, device and the computer-readable recording medium of malicious application |
CN107506646B (en) * | 2017-09-28 | 2021-08-10 | 努比亚技术有限公司 | Malicious application detection method and device and computer readable storage medium |
CN107832611A (en) * | 2017-10-21 | 2018-03-23 | 北京理工大学 | The bot program detection and sorting technique that a kind of dynamic static nature combines |
CN107832611B (en) * | 2017-10-21 | 2020-12-08 | 北京理工大学 | Zombie program detection and classification method combining dynamic and static characteristics |
CN108985060A (en) * | 2018-07-04 | 2018-12-11 | 中共中央办公厅电子科技学院 | A kind of extensive Android Malware automated detection system and method |
CN109344614A (en) * | 2018-07-23 | 2019-02-15 | 厦门大学 | A kind of Android malicious application online test method |
CN109753800A (en) * | 2019-01-02 | 2019-05-14 | 重庆邮电大学 | Merge the Android malicious application detection method and system of frequent item set and random forests algorithm |
CN109886020A (en) * | 2019-01-24 | 2019-06-14 | 燕山大学 | Software vulnerability automatic classification method based on deep neural network |
CN109886020B (en) * | 2019-01-24 | 2020-02-04 | 燕山大学 | Software vulnerability automatic classification method based on deep neural network |
Also Published As
Publication number | Publication date |
---|---|
CN106845220B (en) | 2020-08-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106845220A (en) | A kind of Android malware detecting system and method | |
CN104331436B (en) | The quick classifying method of malicious code based on family gene code | |
CN105205397B (en) | Rogue program sample sorting technique and device | |
Jeon et al. | Hybrid malware detection based on Bi-LSTM and SPP-Net for smart IoT | |
CN109753800A (en) | Merge the Android malicious application detection method and system of frequent item set and random forests algorithm | |
CN107315954A (en) | A kind of file type identification method and server | |
KR102007809B1 (en) | A exploit kit detection system based on the neural net using image | |
CN104123501B (en) | A kind of viral online test method based on many assessor set | |
CN108959924A (en) | A kind of Android malicious code detecting method of word-based vector sum deep neural network | |
CN111639337B (en) | Unknown malicious code detection method and system for massive Windows software | |
CN107659570A (en) | Webshell detection methods and system based on machine learning and static and dynamic analysis | |
CN106874761A (en) | A kind of Android system malicious application detection method and system | |
CN106503558A (en) | A kind of Android malicious code detecting methods that is analyzed based on community structure | |
CN106599688A (en) | Application category-based Android malicious software detection method | |
CN109190372A (en) | A kind of JavaScript Malicious Code Detection model based on bytecode | |
CN107368592B (en) | Text feature model modeling method and device for network security report | |
CN109271788A (en) | A kind of Android malware detection method based on deep learning | |
CN107944274A (en) | A kind of Android platform malicious application off-line checking method based on width study | |
CN107180190A (en) | A kind of Android malware detection method and system based on composite character | |
CN106685964A (en) | Malicious software detecting method and system based on malicious network flow word library | |
CN107958154A (en) | A kind of malware detection device and method | |
CN110362995A (en) | It is a kind of based on inversely with the malware detection of machine learning and analysis system | |
CN106778851A (en) | Social networks forecasting system and its method based on Mobile Phone Forensics data | |
CN112016317A (en) | Sensitive word recognition method and device based on artificial intelligence and computer equipment | |
CN105808602B (en) | Method and device for detecting junk information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |